Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/38sHph-_u4OzTEwq673kwkbwSo4.roa
File:                     38sHph-_u4OzTEwq673kwkbwSo4.roa (raw, json)
Hash identifier:          1216mD7R7fQXPWRWGZZ9yVIByqfl3I7B+b2OntoVxfk=
Subject key identifier:   DF:CB:07:A6:1F:BF:BB:83:B3:4C:4C:2A:EB:BD:E4:C2:46:F0:4A:8E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01977443512758EF6D96CC3634E88647C0CD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/38sHph-_u4OzTEwq673kwkbwSo4.roa
Signing time:             Sun 15 Jun 2025 15:44:18 +0000
ROA not before:           Sun 15 Jun 2025 15:44:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        89.213.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:74:43:51:27:58:ef:6d:96:cc:36:34:e8:86:47:c0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 15 15:44:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfcb07a61fbfbb83b34c4c2aebbde4c246f04a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:95:dd:34:ae:c8:ef:9c:73:d1:c2:b6:b0:da:
                    81:40:e0:3d:46:71:ed:1f:15:73:f0:7d:c2:37:aa:
                    b2:5f:90:41:67:43:88:be:70:53:dd:6d:83:4b:7a:
                    74:65:cf:84:fb:ab:0b:c5:21:57:aa:bf:ca:8d:c8:
                    79:7f:78:a9:7d:5c:32:76:4b:16:cc:b7:c9:79:85:
                    66:f0:d1:3f:97:2c:59:7f:b0:bf:c4:b7:90:5d:42:
                    4b:0d:56:04:21:4e:ba:83:33:c9:fa:84:e9:d9:78:
                    22:60:85:83:87:aa:cf:a4:35:f2:73:a6:ae:e0:e5:
                    bb:7c:65:45:03:0c:ea:a8:fd:c5:67:70:c2:ba:5a:
                    8c:e1:c6:24:b7:b2:9a:a5:0b:63:3c:93:29:db:fe:
                    a9:20:a6:7f:9a:78:64:99:ef:dc:a5:78:11:d1:be:
                    0f:16:ca:eb:64:a7:01:6e:b4:bd:00:71:67:19:d3:
                    55:ca:4e:10:71:04:8b:27:68:ce:14:d5:01:4c:b4:
                    e3:86:82:77:cc:04:80:a5:19:3f:79:47:ee:2f:7c:
                    04:f8:23:27:c0:90:f4:ec:14:a8:bf:61:8a:fa:31:
                    18:a5:5c:a5:81:69:71:74:1a:27:7e:fc:67:ae:bd:
                    c0:9d:8d:77:50:81:78:aa:3b:df:83:0c:3d:41:82:
                    9e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:CB:07:A6:1F:BF:BB:83:B3:4C:4C:2A:EB:BD:E4:C2:46:F0:4A:8E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/38sHph-_u4OzTEwq673kwkbwSo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:83:69:0e:d2:31:47:f4:c5:ae:b9:24:5e:53:4a:1b:80:86:
         e4:21:2a:48:73:b1:9b:4c:53:fd:a1:37:df:17:c2:29:c2:c5:
         8e:b3:99:df:4d:fb:05:c9:8a:1b:fd:49:d7:9f:05:3e:2b:39:
         81:ae:5c:19:d0:0e:ac:c5:38:fd:15:37:93:be:5b:42:76:9c:
         0f:04:36:ac:a5:77:dd:b5:98:11:9b:9a:9c:d1:42:b4:58:9c:
         6b:1b:9f:72:98:a7:8e:ed:5e:a5:54:b7:bf:6c:f4:6d:73:cc:
         da:75:1d:bb:02:59:9a:33:c5:f4:0c:80:bd:64:1a:cf:e6:f4:
         cb:53:dd:52:cb:f1:6d:f0:55:a4:89:e3:b8:83:99:fb:38:d3:
         cb:d5:5d:97:e8:a6:fb:5d:b6:39:8f:d2:62:6b:ed:20:da:25:
         f0:37:fd:ee:b6:1e:ef:6a:81:af:11:ec:c7:bd:0a:3d:32:da:
         7c:ed:b2:c6:9b:6e:38:b5:ac:59:ed:67:21:38:4a:d2:a2:46:
         16:a5:0e:f0:a0:ae:d7:e6:6e:5e:17:97:3c:c9:6c:7a:14:35:
         9c:e8:fd:ab:8b:4f:21:68:f2:bf:ae:3f:19:cb:48:a6:0e:15:
         11:2e:ce:c1:5b:d1:8e:a9:83:5e:c3:08:38:92:c1:3c:61:c6:
         52:2e:27:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd0Q1EnWO9tlsw2NOiGR8DNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjE1MTU0NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNiMDdhNjFmYmZiYjgzYjM0YzRjMmFlYmJkZTRjMjQ2ZjA0YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZXdNK7I75xz0cK2sNqBQOA9RnHt
HxVz8H3CN6qyX5BBZ0OIvnBT3W2DS3p0Zc+E+6sLxSFXqr/Kjch5f3ipfVwydksW
zLfJeYVm8NE/lyxZf7C/xLeQXUJLDVYEIU66gzPJ+oTp2XgiYIWDh6rPpDXyc6au
4OW7fGVFAwzqqP3FZ3DCulqM4cYkt7KapQtjPJMp2/6pIKZ/mnhkme/cpXgR0b4P
FsrrZKcBbrS9AHFnGdNVyk4QcQSLJ2jOFNUBTLTjhoJ3zASApRk/eUfuL3wE+CMn
wJD07BSov2GK+jEYpVylgWlxdBonfvxnrr3AnY13UIF4qjvfgww9QYKeoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/LB6Yfv7uDs0xMKuu95MJG8EqOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMzhzSHBoLV91NE96VEV3cTY3M2t3a2J3U280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWtMA0G
CSqGSIb3DQEBCwUAA4IBAQA4g2kO0jFH9MWuuSReU0obgIbkISpIc7GbTFP9oTff
F8IpwsWOs5nfTfsFyYob/UnXnwU+KzmBrlwZ0A6sxTj9FTeTvltCdpwPBDaspXfd
tZgRm5qc0UK0WJxrG59ymKeO7V6lVLe/bPRtc8zadR27AlmaM8X0DIC9ZBrP5vTL
U91Sy/Ft8FWkieO4g5n7ONPL1V2X6Kb7XbY5j9Jia+0g2iXwN/3uth7vaoGvEezH
vQo9Mtp87bLGm244taxZ7WchOErSokYWpQ7woK7X5m5eF5c8yWx6FDWc6P2ri08h
aPK/rj8Zy0imDhURLs7BW9GOqYNewwg4ksE8YcZSLifq
-----END CERTIFICATE-----